I understood that it's possible to add SNMP MIB files into Wireshark. The question is:
Kind regards, Nima
asked 02 Aug '17, 01:19
edited 02 Aug '17, 01:25
SNMP MIB configuration can be found in the Preferences, under Name Resolution.
First, use SMI Paths to set up the list of paths where to look for the MIB files.
Second, use SMI Modules to define the MIB modules (that is, the module names found in the MIB files) to be loaded.
Once that is done, mark the checkbox Enable OID resolution.
You will be asked to restart Wireshark, which is needed to actually load the modules from the MIB files.
The library used to resolve OIDs to names from the modules is rather picky about MIB module correctness. If there are bugs in the MIB modules, it will complain loudly. You may mark the checkbox Suppress SMI errors, but it still may not work. Also make sure the MIB modules that objects and syntaxes are imported from can be loaded.
answered 02 Aug '17, 04:41
edited 02 Aug '17, 04:42
Thanks for the answer. I also found out that apparently, it's very important for Wireshark that the MIB file name must be the same as the module name which is described inside that MIB file. It directly means that you cannot use a shared MIB file for several devices.
(02 Aug '17, 06:34) Nima
Ah yes, another peculiarity of libsmi, the library doing the real work for Wireshark. I don't understand your next comment though: '...it directly means that you cannot use a shared mib file for several devices.' If you want to have a MIB module specific per device type and the various device types have common objects, then collect these in a separate MIB and import them in your device type specific MIBs.
(02 Aug '17, 07:05) Jaap ♦
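A pre-flight check for the two pitfalls raised in the answer and comments above (file name versus module name, and modules that are imported from but cannot be loaded), as an added example that is not part of the original thread or of Wireshark. The function names, the ACME-* modules and the file names are constructed, and it assumes a file may carry an extension after the module name.

```python
import re
import tempfile
from pathlib import Path

MODULE_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)\s+DEFINITIONS\s*::=\s*BEGIN", re.M)
IMPORTS_RE = re.compile(r"\bIMPORTS\b(.*?);", re.S)   # IMPORTS clause ends at ';'
FROM_RE = re.compile(r"\bFROM\s+([A-Za-z][A-Za-z0-9-]*)")
COMMENT_RE = re.compile(r"--.*?(?:--|$)", re.M)        # ASN.1 comments

def check_mib_dir(path, known=()):
    """List problems in the MIB files under `path` (one SMI path).
    `known`: modules assumed loadable from other SMI paths."""
    modules, problems = {}, []   # modules: name -> (file name, imported-from names)
    for f in sorted(Path(path).iterdir()):
        if not f.is_file():
            continue
        text = COMMENT_RE.sub("", f.read_text(errors="replace"))
        m = MODULE_RE.search(text)
        if not m:
            problems.append(f"{f.name}: no module definition found")
            continue
        name = m.group(1)
        if f.stem != name:   # the file-name rule from the comment thread
            problems.append(f"{f.name}: file name differs from module name {name}")
        imp = IMPORTS_RE.search(text)
        modules[name] = (f.name, FROM_RE.findall(imp.group(1)) if imp else [])
    available = set(modules) | set(known)
    for fname, deps in modules.values():
        for dep in deps:
            if dep not in available:
                problems.append(f"{fname}: imports from {dep}, which is not available")
    return problems

def demo():
    """Run the check on two constructed MIB files."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "ACME-SMI.mib").write_text(
            "ACME-SMI DEFINITIONS ::= BEGIN\nIMPORTS enterprises FROM SNMPv2-SMI;\nEND\n")
        Path(d, "shared.mib").write_text(
            "-- constructed sample\nACME-ROUTER-MIB DEFINITIONS ::= BEGIN\n"
            "IMPORTS acme FROM ACME-SMI\n        DisplayString FROM ACME-TC;\nEND\n")
        # SNMPv2-SMI is assumed to be reachable through another SMI path.
        return check_mib_dir(d, known=("SNMPv2-SMI",))

if __name__ == "__main__":
    print("\n".join(demo()))
```

Run it against each directory listed under SMI Paths before restarting Wireshark; an empty result means every module header matches its file name and every imported-from module was found.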
Not a complete answer but may make the answer for the first part not important for you. Wireshark is a read-only tool, i.e. it doesn't generate any traffic at all. So you'll only see SNMP messages which were sent by other sources (other machines and other applications running on the same machine where the capture was taken), and having the right MIB loaded only allows Wireshark to translate OIDs into human-readable form as you expect.